Prolific

Prolific is a platform that enables researchers to quickly find trustworthy research participants. With a pool of over 120,000 active and verified participants, Prolific ensures high-quality responses through continuous monitoring and engagement. The p...

Professional Services
51-250
Founded 1997
$0M raised

Description

  • Own and evolve Prolific’s application security strategy end to end.
  • Define and drive the Secure Software Development Lifecycle (SSDLC) across engineering.
  • Serve as the most senior security engineering voice in the organisation.
  • Conduct hands-on code review, threat modelling, and security testing when needed.
  • Partner with engineering leadership to balance security risk and delivery velocity.
  • Build the tooling, processes, and security culture needed to embed security into product development.
  • Manage and mentor the Senior Application Security Engineer.
  • Own vulnerability management and lead high-impact security reviews.
  • Work cross-functionally with product engineering, platform, data, TechOps, and legal teams.
  • Continue to own the compliance programme alongside application security responsibilities.

Requirements

  • Several years of experience in software engineering and building production systems at scale.
  • Several years of experience in application security, including testing, code review, threat modelling, and vulnerability management.
  • Expert knowledge of the OWASP Top 10 for web and API security.
  • Strong understanding of modern attack paths, including authentication flaws, SSRF, injection, business logic issues, and supply chain risk.
  • Strong understanding of modern architectures such as microservices, APIs, and event-driven systems.
  • Python experience for security tooling and automation; Django is a strong plus.
  • Hands-on testing experience with tools such as Burp Suite and manual assessment of apps and APIs.
  • Experience building and scaling SSDLCs, including CI/CD security tooling such as SAST, SCA, DAST, and secrets scanning.
  • Experience leading threat modelling and security design reviews.
  • Experience with ISO 27001 and/or SOC 2, with the ability to translate controls into engineering practices.
  • Strong engineering partnership skills and clear communication with technical and non-technical audiences.
  • Preferred: experience mentoring or managing security engineers.
  • Preferred: experience with Django, Vue.js, MongoDB, and GCP.
  • Preferred: experience with security champions or bug bounty programmes.
  • Preferred: experience with supply chain or infrastructure security, including Terraform and Kubernetes.
  • Preferred: hands-on certifications such as OSCP, GWAPT, BSCP, or CISSP.
  • Preferred: experience building application security in a scaling company.

Benefits

  • Competitive salary.
  • Benefits package.
  • Remote working.
  • Mission-driven culture.
  • Access to a unique human data platform and opportunities for groundbreaking research.
